What issues have you encountered this year while recruiting cyber talent, if any?

Security & GRC Talent Sourcing & Hiring

Lack of formal qualifications8%

Lack of available talent53%

Lack of experience17%

Unwillingness to relocate6%

Lack of specific tool/software expertise2%

Unrealistic salary expectations8%

None of the above3%

592 PARTICIPANTS

3.5k views1 Upvote1 Comment

Sort by:

Senior Information Security Manager in Software4 years ago

When it comes to IT in general, and information security specifically, much of the so-called ‘talent shortage’ is due to companies that do not want to pay for talent.

They offer low-ball salaries/consulting rates and then complain they can’t find people.

https://engineering.tapad.com/the-fallacy-of-the-information-security-skill-shortage-c1214122e6c0

Content you might like

Procurement of bitcoin in ransomware situation. What are folks doing to prepare for the need of a large purchase of bitcoin in the need to pay ransomware. Yes ideally we would take the "we'll never pay approach" however, I think it's important to be realistic and in certain circumstances you may need to cross that line.
Are you tied into a retainer of some sort with an exchange or Bitcoin holding firm?

Are you recruiting IT workers to join cybersecurity?

Yes42%

It is being discussed40%

Not currently, but we have in the past13%

No3%

Unsure

View Results

Do you stipulate security standards that your suppliers must adhere to as part of your contracts?

Yes80%

No15%

Unsure4%

View Results

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

What issues have you encountered this year while recruiting cyber talent, if any?

Sort by:

Content you might like

Are you recruiting IT workers to join cybersecurity?

Do you stipulate security standards that your suppliers must adhere to as part of your contracts?

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go